Post-quantum cryptography lands in Python with a single pip install
pyca/cryptography 48 now ships ML-KEM and ML-DSA, bringing NIST-standard post-quantum algorithms to Python. Trail of Bits explains what changes for developers and protocols.
Trail of Bits, funded by the Sovereign Tech Agency, has added support for NIST's ML-KEM (key establishment) and ML-DSA (digital signatures) to pyca/cryptography. Starting with cryptography>=48, these post-quantum primitives are available via a simple pip install, complete with Rust bindings, a unified API, and AWS-LC backend support. This matters because pyca/cryptography underpins the cryptographic operations of Ansible, Certbot, Apache Airflow, paramiko and countless other Python projects, pulling 1.2 billion downloads a month on PyPI — without it, the wider ecosystem has no path to post-quantum migration.
The release lands alongside a June 2026 U.S. executive order mandating that federal systems adopt post-quantum key establishment by end of 2030 and post-quantum signatures by end of 2031. But the post explains this isn't a simple algorithm swap: ML-DSA and ML-KEM produce keys, signatures, and ciphertexts that are 1-2 orders of magnitude larger than their classical counterparts (Ed25519, X25519), forcing protocols and wire formats with hardcoded field sizes to be redesigned.
The team is still working on SLH-DSA, a hash-based signature scheme meant as a conservative fallback, and stresses that real migration will only be complete once common protocols like TLS and SSH actually adopt these primitives. For engineers, the takeaway is clear: post-quantum cryptography is now practically accessible in code, but integrating it into existing systems demands careful engineering, testing, and auditing.